http://blog.nerdery.com/2013/09/why-wordpress-security-stories-are-wrong/
A short list of what a WordPress site owner should follow:
- Use a dedicated or virtual server, avoid shared hosting <– :))
- Back up your site (files and database) regularly (consider a service such as VaultPress)
- Keep your WordPress core installation up to date
- Keep your WordPress plugins up to date
- Keep your WordPress themes up to date
- Uninstall (not just disable) any unused plugins or themes
- Avoid plugins and themes from untrusted sources
- Do not use admin (or other easily guessable usernames)
- Use a strong password!
- Ensure your own PC is malware free (to keep keyloggers and malware from stealing your credentials)
- Monitor your server and user stats
- Restrict WP-Admin to your VPN or proxy
- Restrict WP-Admin using HTTP Basic Auth
- Restrict WP-Admin to your IP address
- Deny access to wp-content directories
- Remove WordPress version from meta
- Protect WP-Admin with authentication
- Force SSL
- Get a security audit
- Report potential core vulnerabilities
- Report potential plugin vulnerabilities
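
Several of the server-side items above (force SSL, restrict WP-Admin by IP and HTTP Basic Auth, lock down wp-content) can be expressed in one virtual-host configuration. The following is an added example, not taken from the linked article; it assumes Apache 2.4, and the host name, paths, certificate files and IP address are placeholders.

```apache
# Added example: assumes Apache 2.4 (mod_ssl, mod_alias, mod_auth_basic).
# example.com, the paths, the certificate files and 203.0.113.10 are placeholders.

# "Force SSL": send every plain-HTTP request to HTTPS.
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/example.com.key

    # "Restrict WP-Admin to your IP address" and "... using HTTP Basic Auth":
    # RequireAll makes both conditions mandatory.
    <Directory "/var/www/example/wp-admin">
        AuthType Basic
        AuthName "WP-Admin"
        AuthUserFile /etc/apache2/wp-admin.htpasswd
        <RequireAll>
            Require ip 203.0.113.10
            Require valid-user
        </RequireAll>
        # Only if the public site calls admin-ajax.php (many themes and plugins do).
        <Files "admin-ajax.php">
            Require all granted
        </Files>
    </Directory>

    # Assumption: "deny access to wp-content directories" is read here as
    # no directory listings and no script execution from uploads.
    <Directory "/var/www/example/wp-content">
        Options -Indexes
    </Directory>
    <Directory "/var/www/example/wp-content/uploads">
        <FilesMatch "\.php$">
            Require all denied
        </FilesMatch>
    </Directory>
</VirtualHost>
```

wp-login.php lives in the site root, so the wp-admin rules do not cover the login form; the same Auth and Require lines can be placed in a `<Files "wp-login.php">` section to protect it as well.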